{"id":110136,"date":"2025-08-06T14:13:23","date_gmt":"2025-08-06T14:13:23","guid":{"rendered":"https:\/\/my.legal500.com\/guides\/?post_type=comparative_guide&#038;p=110136"},"modified":"2025-08-19T11:19:47","modified_gmt":"2025-08-19T11:19:47","slug":"mexico-tmt","status":"publish","type":"comparative_guide","link":"https:\/\/my.legal500.com\/guides\/chapter\/mexico-tmt\/","title":{"rendered":"Mexico: TMT"},"content":{"rendered":"","protected":false},"template":"","class_list":["post-110136","comparative_guide","type-comparative_guide","status-publish","hentry","guides-tmt","jurisdictions-mexico"],"acf":[],"appp":{"post_list":{"below_title":"<div class=\"guide-author-details\"><span class=\"guide-author\">Nader, Hayaux &amp; Goebel<\/span><span class=\"guide-author-logo\"><img src=\"https:\/\/my.legal500.com\/guides\/wp-content\/uploads\/sites\/1\/2019\/07\/NHG-Logo-traditional-Hi-Res.jpg\"\/><\/span><\/div>"},"post_detail":{"above_title":"<div class=\"guide-author-details\"><span class=\"guide-author\">Nader, Hayaux &amp; Goebel<\/span><span class=\"guide-author-logo\"><img src=\"https:\/\/my.legal500.com\/guides\/wp-content\/uploads\/sites\/1\/2019\/07\/NHG-Logo-traditional-Hi-Res.jpg\"\/><\/span><\/div>","below_title":"<span class=\"guide-intro\">This country specific Q&amp;A provides an overview of TMT laws and regulations applicable in Mexico<\/span><div class=\"guide-content\"><div class=\"filter\">\r\n\r\n\t\t\t\t<input type=\"text\" placeholder=\"Search questions and answers...\" class=\"filter-container__search-field\">\r\n\t\t\t<\/div>\r\n\r\n\t\t\t\r\n\r\n\r\n\t\t\t<ol class=\"custom-counter\">\r\n\r\n\t\t\t\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Software \u2013 How are proprietary rights in software and associated materials protected?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>The Copyright Law safeguards the intellectual property of original authors to be reproduced or divulgated by any form. According to this law, Software programs are protected under the terms applicable to\u00a0 literary works <em>(obras literarias)<\/em>; under Article 5th thereunder, immediately after the software is created (and upon it has been affixed to a material support), the developer is entitled to copyright protection for its lifetime and an additional one hundred years; this protection is automatic, which means there is no obligation from the developer to register the software before the Mexican authorities, although its highly recommended to conduct such registration with the Copyright Public Registry (<em>Registro P\u00fablico de Derecho de Autor),<\/em> which is overseen by the National Institute of Copyright (<em>Instituto Nacional del Derecho de Autor, \u201cINDAUTOR\u201d<\/em>) for added certainty and protection.<\/p>\n<p>The economic copyright rights set forth in the Copyright Law entitle the holder thereof to authorize or prohibit, with respect to the applicable Software: (i) its permanent or temporary reproduction, in whole or in part, by any means; (ii) its the translation, adaptation, adjustment or any other modification thereto and the reproduction of the Software resulting therefrom; (iii) its distribution by any means, including through lease; (iv) its decompiling or disassembling, as well as the application of any reversion engineering processes thereto; and (v) the issuance of any public communication in connection therewith, including without limitation, any information made available to the public in general.<\/p>\n<p>In Mexico, it is not possible to patent Software. According to the IP Law, computer programs are not considered inventions and, therefore, cannot be patented.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Software \u2013 In the event that software is developed by a software developer, consultant or other party for a customer, who will own the resulting proprietary rights in the newly created software in the absence of any agreed contractual position?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>In accordance with the Copyright Law, the author or developer of a Software will own the resulting copyrights with respect to the newly created Software.<\/p>\n<p>Additionally, pursuant to Article 103 of the Copyright Law, if the Software is developed by one or several employees during their employment or following instructions of their employer, in the absence of an agreement to the contrary, the copyrights with respect to the Software shall correspond to the employer.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Software \u2013 Are there any specific laws that govern the harm \/ liability caused by Software \/ computer systems?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>There is no specific law or statute that governs the harm or liability caused by Software or computer systems. The general regulatory framework applicable to liability arising out between private individuals or legal entities or private acts is set forth in the Federal Civil Code <em>(C\u00f3digo Civil Federal)<\/em>, the Civil Codes <em>(C\u00f3digos Civiles) <\/em>for each federal entity of Mexico and the Commercial Code <em>(C\u00f3digo de Comercio)<\/em>. The applicable regulation shall depend on the specific context or situation.<\/p>\n<p>For instance, the Federal Consumer Protection Law (<em>Ley Federal de Protecci\u00f3n al Consumidor \u201cConsumer Protection Law\u201d<\/em>), protects the rights of the consumers and clients of any goods and services, including Software and computer systems. If a particular harm or liability is caused by Software in connection with Personal Data held by private parties, the applicable law will be the Federal Law for the Protection of Data Held by Private Parties (the \u201cNew Federal Privacy Law\u201d).<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Software \u2013 To the extent not covered by (3) above, are there any specific laws that govern the use (or misuse) of software \/ computer systems?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>While there is no single statute that comprehensively governs the use or misuse of software or computer systems, various legal provisions may apply depending on the specific context and its consequences. For instance, the Federal Criminal Code (<em>C\u00f3digo Penal Federal<\/em>) penalizes unauthorized access to computer systems, data theft, and other cybercrimes, which may cover cases where software is used unlawfully to interfere with or damage systems or information.<\/p>\n<p>The Federal Copyright Law (<em>Ley Federal del Derecho de Autor<\/em>) also protects software as a literary work, meaning unauthorized reproduction, modification, or distribution can result in both civil and criminal liability for copyright infringement.<\/p>\n<p>Where personal data is involved, the New Federal Privacy Law applies, particularly for unauthorized access, use, or disclosure of personal data through software.<\/p>\n<p>Depending on the situation, applicable laws may include the Federal Criminal Code, Copyright Law, and data protection laws, with liability determined by the facts and nature of the misuse.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Software Transactions (Licence and SaaS) \u2013 Other than as identified elsewhere in this overview, are there any technology-specific laws that govern the provision of software between a software vendor and customer, including any laws that govern the use of cloud technology?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Other than the Code of Commerce (<em>C\u00f3digo de Comercio<\/em>), the Federal Telecommunications Law, the Consumer Protection Law, and the Financial Technology Institutions Law (<em>Ley para Regular las Instituciones de Tecnolog\u00eda Financiera, \u201cFinTech Law\u201d<\/em>), the New Federal Privacy Law<em>,<\/em> today there\u2019s not an identifiable technology-specific law that govern the provision of software between a software vendor and customer.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Software Transactions (License and SaaS) \u2013 Is it typical for a software vendor to cap its maximum financial liability to a customer in a software transaction? If \u2018yes\u2019, what would be considered a market standard level of cap?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Yes, it is typical for a software vendor to cap its maximum financial liability to a customer in a software transaction in Mexico. According to the Federal Civil Code (<em>C\u00f3digo Civil Federal<\/em>), civil liability or damages for breach of contract may be limited by the parties in the applicable agreement, except for liability arising from willful misconduct, which is always enforceable.<\/p>\n<p>The liability cap is typically determined in accordance with the aggregate amount of fees received by the licensor under the applicable software license agreement, and it is usually the amount of fees that would be received per 12 months. The market standard level of cap varies depending on the jurisdiction, but in Mexico, a cap on indemnification liability not to exceed 100% of the purchase price is common.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Software Transactions (License and SaaS) \u2013 Please comment on whether any of the following areas of liability would typically be excluded from any financial cap on the software vendor\u2019s liability to the customer or subject to a separate enhanced cap in a negotiated software transaction (i.e. unlimited liability): (a) confidentiality breaches; (b) data protection breaches; (c) data security breaches (including loss of data); (d) IPR infringement claims; (e) breaches of applicable law; (f) regulatory fines; (g) wilful or deliberate breaches.<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>The principle of \u201cparties free will\u201d (\u201c<em>autonom\u00eda de la voluntad de las partes<\/em>\u201d) contemplated in the Federal Civil Code (<em>C\u00f3digo Civil Federal<\/em>) provides that the parties to a software agreement, or to any other agreement, are entitled to cap their liability, or even release themselves from liability, in terms of the applicable agreement. There is no standard answer to this question because every transaction is different in matters of parties\u2019 liability in case of default or damages. However, as a general rule, liability arising from willful misconduct is not waivable pursuant to the Federal Civil Code. Further, liability arising from regulatory fines or felonies may not be limited nor waived pursuant to an agreement by private parties.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Software Transactions (License and SaaS) \u2013 Is it normal practice for software source codes to be held in escrow for the benefit of the software licensee? If so, who are the typical escrow providers used? Is an equivalent service offered for cloud-based software?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Although it is a highly recommended practice, is not a common practice for software developers in Mexico to hold in escrow their software source codes. Some of the typical escrow providers in our country are Praxis Technology Escrow and Escrow Tech.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Software Transactions (License and SaaS) \u2013 Are there any export controls that apply to software transactions?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Mexico enforces export controls on software transactions, in alignment with its Foreign Trade Law (<em>Ley de Comercio Exterior<\/em>). These regulations encompass dual-use assets, software, technology, and goods, including data processing programs, data transmission, and telecommunications via electronic media, fax, telephone, satellite transmission, or any other means of communication that could potentially be diverted for the proliferation and manufacture of conventional weapons and weapons of mass destruction.<\/p>\n<p>Mexico&#8217;s export control framework exhibits a comprehensive scope, extending to technology transfers facilitated through various intangible mean such as USB memory, CDs, DVDs, phone calls, emails, and other controlled channels. The export of controlled assets, including software programs, technologies, and various other controlled goods, requires obtaining an export permit from the Ministry of Economy (<em>Secretar\u00eda de Econom\u00eda \u201cSE<\/em>\u201d) prior to their export.<\/p>\n<p>On June 16, 2011, the SE implemented the Previous Exportation Permit (<em>Permiso Previo para su Exportaci\u00f3n<\/em>). This permit governs the export of controlled assets, encompassing conventional firearms, their components, everyday dual-use items, software programs, technologies, and various other controlled goods. Notably, in cases involving assets of a sensitive nature, the Ministry of National Defense (<em>Secretar\u00eda de la Defensa Nacional<\/em>) may play a role in the issuance of these export licenses.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">IT Outsourcing \u2013 Other than as identified elsewhere in this questionnaire, are there any specific technology laws that govern IT outsourcing transactions?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>There isn&#8217;t a specific technology law governing IT outsourcing transactions in Mexico. Instead, these transactions fall under the purview of the Labor Law, which covers outsourcing matters, including those related to IT.<\/p>\n<p>Since the amendment to the Labor Law in 2019, the Mexican Federal Government has been diligently working to regulate outsourcing transactions with the aim of safeguarding the labor and social security rights of employees. Furthermore, with the 2021 amendment to the Labor Law, most outsourcing transactions were prohibited, permitting companies to outsource only specialized services, to the extent the outsourced services provider is registered before the REPSE (as explained below) as an authorized specialized services provider.<\/p>\n<p>On April 24, 2021, the Labor, and Employment Ministry (<em>Secretar\u00eda del Trabajo y Previsi\u00f3n Social,<\/em> \u201c<em>ST<\/em>\u201d) established the Registry of Specialized Service Providers or Specialized Works (<em>Registro de Prestadoras de Servicios Especializados u Obras Especializadas &#8220;REPSE&#8221;<\/em>) in which the outsourcing providers shall be registered.<\/p>\n<p>According to the Labor Law and the absence of technology-law regulation, IT services would be considered &#8220;specialized services&#8221; which means that the supplier who provides the IT outsourced services must be registered with the REPSE.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">IT Outsourcing \u2013 Please summarise the principal laws (present or impending), if any, that protect individual staff in the event that the service they perform is transferred to a third party IT outsource provider, including a brief explanation of the general purpose of those laws.<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>The fundamental essence of the Labor Law is to protect the rights of workers, particularly those who are in a more vulnerable position. This law was conceived in response to the need of shielding employees from potential abuses from their employers, creating a legal framework to balance the rights and obligations of workers and employers in Mexico.<\/p>\n<p>The Labor Law safeguards the individual employment and social security rights of workers in cases where services are outsourced to third-party IT service providers. According to the second paragraph of Article 14 of this Law, when a customer (individual or company) contracts specialized services with an outsourcing provider who fails to meet its obligations as an employer toward its employees, the customer becomes jointly responsible before the employees of the outsourcing provider. This legal provision serves as a protective measure for individual workers.<\/p>\n<p>While outsourcing is considered a necessary practice for companies to handle tasks beyond their core practices, regrettably, many companies and outsourcing providers have abused this framework to mimic labor relationships, leading to the violation of labor and social security rights, and in some instances, tax obligations.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Telecommunications \u2013 Please summarise the principal laws (present or impending), if any, that govern telecommunications networks and\/or services, including a brief explanation of the general purpose of those laws.<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Telecommunications networks and services are regulated, primarily, by the Mexican Constitution and the Federal Telecommunications and Broadcasting Law <em>(Ley Federal de Telecomunicaciones y Radiodifusi\u00f3n) <\/em>(the <strong>\u201c<\/strong>Federal Telecommunications Law<strong>\u201d<\/strong>), complemented by its secondary regulations. The Federal Telecommunications Law establishes a regulatory framework for the telecommunications and broadcasting sectors, promoting competition, and ensuring the provision of telecommunication services, including broadband and internet, under conditions of competition, quality, plurality, universal coverage, interconnection, convergence, continuity, and free access throughout the Mexican territory.<\/p>\n<p>The Federal Telecommunications Law provides that in the absence of specific legislation, several supplementary laws apply, including the (i) General Law of National Assets (<em>Ley General de Bienes Nacionales<\/em>), (ii) Law of General Communication Channels (<em>Ley de V\u00edas Generales de Comunicaci\u00f3n<\/em>), (iii) Consumer Protection Law, (iv) Federal Law of Administrative Procedure (<em>Ley Federal de Procedimiento Administrativo<\/em>), (v) Code of Commerce (<em>C\u00f3digo de Comercio<\/em>), (vi) the Federal Civil Code (<em>C\u00f3digo Civil Federal<\/em>), (vii) the Federal Code of Civil Procedures (<em>C\u00f3digo Federal de Procedimientos Civiles<\/em>), and <strong>(viii)<\/strong> the general laws related to electoral matters. On December 20, 2024, a decree amending several provisions of the Mexican Constitution and ordering the disappearance of several autonomous institutions (the <strong>\u201c<\/strong>Institutional Simplification Decree<strong>\u201d<\/strong>) was published on the Federal Official Gazette. The Institutional Simplification Decree extinguished several constitutional autonomous institutions, including the main regulatory authority in the Mexican telecommunications sector: the Federal Telecommunications Institute (the \u201cIFT\u201d). The IFT will be replaced with the Federal Digital Transformation and Telecommunications Agency (<em>Agencia de Transformaci\u00f3n Digital y Telecomunicaciones) <\/em>and will include the Regulatory Telecommunications Commission (<em>Comisi\u00f3n Reguladora de Telecomunicaciones). <\/em>The Regulatory Telecommunications Commission will be empowered with technical and operative independence from the Federal Agency. These structural changes have resulted in the issuance and publication of a new Federal Telecommunications and Broadcasting Law which was just published on the Federal Official Gazette on July 17th, 2025.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Telecommunications \u2013 Please summarise any licensing or authorisation requirements applicable to the provision or receipt of telecommunications services in your country. Please include a brief overview of the relevant licensing or authorisation regime in your response.<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>In Mexico, as of the date hereof, the provision of telecommunications services remains primarily governed by Article 28 of the Mexican Constitution and the Federal Telecommunications Law. Under this legal framework, any individual or legal entity intending to provide telecommunications services, use or exploit radio spectrum, or access public telecommunications networks must obtain either a concession or authorization granted by the regulatory authority in this sector which at the moment is the <em>IFT,<\/em> which will be substituted in the next few months by the Regulatory Commission for Telecommunications (the \u201cCommission\u201d) once the Commissioners are appointed.<\/p>\n<p>There are two main types of concessions:<\/p>\n<ul style=\"padding-left: 0\">\n<li>Public use concessions, granted to federal entities or public institutions.<\/li>\n<li>Commercial, private, or social use concessions, granted to private parties or civil society organizations.<\/li>\n<\/ul>\n<p>The corresponding authority\u2014currently the IFT and moving forward the Commission\u2014also grants authorizations for specific activities, such as operating resale services, using spectrum for certain short-range devices, or installing infrastructure on public property. Applications are evaluated on a case-by-case basis to ensure alignment with public interest.<\/p>\n<p>As mentioned above, the original Federal Telecommunications and Broadcasting Law Federal was abrogated with the issuance and publication of the new Federal Telecommunications and Broadcasting Law on the Federal Official Gazette on July 17<sup>th<\/sup>, 2025. The new law introduces significant changes to the previous legal framework, including the disappearance of the IFT and the creation of the Federal Digital Transformation and Telecommunications Agency (<em>Agencia de Transformaci\u00f3n Digital y Telecomunicaciones) <\/em>and the Regulatory Telecommunications Commission (<em>Comisi\u00f3n Reguladora de Telecomunicaciones). <\/em><\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Telecommunications \u2013 Please summarise the principal laws (present or impending) that govern access to communications data by law enforcement agencies, government bodies, and related organisations. In your response, please outline the scope of these laws, including the types of data that can typically be requested, how these laws are applied in practice (e.g., whether requests are confidential, subject to challenge, etc.), and any legal or procedural safeguards that apply.<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Access to communications data by law enforcement and government agencies in Mexico is regulated by several key legal instruments, primarily:<\/p>\n<ul style=\"padding-left: 0\">\n<li>Article 16 of the Mexican Constitution, which establishes the general right to privacy and due process, and provides that any intervention in private communications must be authorized by a federal judge.<\/li>\n<li>The National Code of Criminal Procedure (<em>C\u00f3digo Nacional de Procedimientos Penales<\/em>) specifically Articles 252 and 291, which regulate the interception and collection of communications data during criminal investigations, requiring judicial authorization and setting out the procedures for lawful surveillance.<\/li>\n<li>The Federal Penal Code, Article 177, which criminalizes unauthorized interception of private communications.<\/li>\n<li>The National Security Law (<em>Ley de Seguridad Nacional<\/em>), Article 34, which allows for the interception of communications when national security is at risk, again requiring judicial approval.<\/li>\n<\/ul>\n<p>Authorities may request various types of data, including metadata, location information, and the content of communications. Such requests are typically confidential, require judicial authorization, and are subject to strict oversight. They may also be challenged in court to safeguard privacy rights.<\/p>\n<p>Additionally, telecommunications providers are legally obligated to retain metadata for 12 months and must cooperate with authorities when presented with a valid, court-authorized request.<\/p>\n<p>The Mexican Government recently announced several amendments to the General Population Law<em> (Ley General de Poblaci\u00f3n) <\/em>which are currently under discussion and review by the Mexican Congress. These amendments will contemplate, among others, the introduction of a biometric ID (CURP).<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Mobile communications and connected technologies \u2013 What are the principle standard setting organisations (SSOs) governing the development of technical standards in relation to mobile communications and newer connected technologies such as digital health or connected and autonomous vehicles?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>One of the main organizations aiming to represent and collaborate with the technological industry is the Mexican Association of the Information Technologies Industry <em>(Asociaci\u00f3n Mexicana de la Industria de Tecnolog\u00edas de Informaci\u00f3n <\/em>or <em>AMITI). <\/em>This organization was established about 40 years ago and seeks to represent the technology enterprises that are present in Mexico, being the organization with the most significant impact and representativity of the technology sector in Mexico. The main goal of AMITI is to become the main representative of the technology sector in any conversations and debates held in the public and private forums, as well as to <strong>(i)<\/strong> promote the strategy for the technological democratization in Mexico; <strong>(ii)<\/strong> develop relevant information to implement digitalization strategies; and <strong>(iii) <\/strong>to reduce the digital gap between the Mexican social sectors. AMITI has approximately 135 affiliated companies and a total of six committees, including a cybersecurity committee and an artificial intelligence and new technologies committee, which seek to develop and implement strategies to facilitate the adoption of emerging technologies, as well as to collaborate with the public sector, including the Mexican Congress, seeking to establish a communication channel to regulate new technological trends. For additional information please refer to <a href=\"https:\/\/amiti.org.mx\/quienes-somos\/\">https:\/\/amiti.org.mx\/quienes-somos\/.<\/a><\/p>\n<p>Another organization engaged in the technological industry is the National Chamber of Electronic, Telecommunications and Information Technologies Industry <em>(C\u00e1mara Nacional de la Industria Electr\u00f3nica, de Telecomunicaciones y Tecnolog\u00edas de la Informaci\u00f3n<\/em> or <em>CANIETI<\/em>). This organization has more than 85 years of experience and more than 1,000 affiliated companies throughout Mexico. Its main goal is to be the organization with the broadest representation capabilities within the electronic, telecommunications and technologies sector. For additional information please refer to <a href=\"https:\/\/canieti.org\/canieti\/quienessomos.aspx\">https:\/\/canieti.org\/canieti\/quienessomos.aspx.<\/a><\/p>\n<p>Other organizations in Mexico include, the Internet MX Association (<em>Asociaci\u00f3n de Internet MX (AIMX), <\/em>the National Association of Educational Institutions in IT <em>(Asociaci\u00f3n Nacional de Instituciones de Educaci\u00f3n en Tecnolog\u00edas de la Informaci\u00f3n, ANIEI)<\/em>, the Board of Cybersecurity and Information Security <em>(Consejo de Seguridad de la Informaci\u00f3n y Ciberseguridad)<\/em>, the Cybersecurity Mexican Association <em>(Asociaci\u00f3n Mexicana de Ciberseguridad, AMECI)<\/em>, among others.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Mobile communications and connected technologies \u2013 How do technical standards facilitating interoperability between connected devices impact the development of connected technologies?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Interoperability is defined in the Federal Telecommunications Law as the technical characteristics or features of public network, systems and telecommunications equipment that allow an effective interconnectivity, ensuring a consistent and predictable provision of telecommunication services.<\/p>\n<p>Technical standards provide a basis to permit such interoperability among mobile devices. In Mexico there are multiple technical standards within the telecommunications sector. The Digital Agency for Public Innovation <em>(Agencia Digital de Innovation P\u00fablica) <\/em>is a governmental agency seeking to conduct, design and surveil the implementation of data management, digital government and technological infrastructure governing in Mexico City, and it has established several technical standards in matters related to <em>Hardware, Software, Electronic Equipment, IT Networks, <\/em>among others. For additional information please refer to\u00a0\u00a0 <a href=\"https:\/\/adip.cdmx.gob.mx\/centros\/Asuntos-juridicos-y-normatividad\">https:\/\/adip.cdmx.gob.mx\/centros\/Asuntos-juridicos-y-normatividad.<\/a><\/p>\n<p>The <em>Normas Mexicanas (NMX) <\/em>are non-binding technical documents that establish quality specifications in connection with processes, products, services, systems and others, including within the IT and Telecommunications sectors.<\/p>\n<p>In general, technical standards (either binding or not) allow the development of technology and the interoperability of networks, systems and equipment favoring efficiency and the development of new technologies, principally for the benefit of consumers and the private sector in general.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Data Protection \u2013 Please summarise the principal laws (present or impending), if any, that govern data protection, including a brief explanation of the general purpose of those laws.<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>The principal laws of Mexico\u2019s data protection legal framework are: <strong>(i)<\/strong> the Mexican Constitution. Article 6 provides the fundamental right to access and rectify personal data within public records. Article 16 establishes the rights to access, rectify, cancel, or oppose the processing of personal data (rights know as <em>Derechos Arco<\/em>). And, furthermore, article 73 empowers the Mexican Congress to legislate comprehensively on matters of data protection, reinforcing the constitutional commitment to safeguarding personal information; and <strong>(ii)<\/strong> the New Federal Privacy Law, were created to regulate the entire spectrum of data processing activities by private entities. Its objectives encompass the meticulous regulation of data retrieval, use, disclosure, storage, access, and transfer, concurrently supporting the establishment of binding self-regulation mechanisms, and to fortify the protection of personal data held by private entities, outlining a comprehensive legal framework that underpins responsible data management practices; <strong>(iii)<\/strong> the recently published General Law for the Protection of Data Held by Obliged Subjects (the \u201cNew General Privacy Law\u201d), that seeks to safeguard and preserve personal data held by any governmental body; and <strong>(iv)<\/strong> the Parameters for Self-Regulation (<em>Par\u00e1metros de Autorregulaci\u00f3n en materia de Protecci\u00f3n de Datos Personales<\/em>), that serve as a strategic guideline for entities engaging in self-regulation concerning the protection of personal data.<\/p>\n<p>The New Federal Privacy Law and the New General Privacy Law were published on the Federal Official Gazette in March 2025. While they both seek to protect the same data protection principles as their predecessors, some significant changes have been made. For instance, given the publication of the Institutional Simplification Regime, the new Federal Privacy Law formalized the disappearance of the National Institute of Transparency, Access to Information and Data Protection <em>(Instituto Nacional de Transparencia, Acceso a la Informaci\u00f3n y Protecci\u00f3n de Datos Personales)<\/em> replacing it with the Anticorruption and Fair Government Ministry <em>(Secretar\u00eda Anticorrupci\u00f3n y Buen Gobierno)<\/em>.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Data Protection \u2013 What is the maximum sanction that can be imposed by a regulator in the event of a breach of any applicable data protection laws?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>In case of failure or in the event of a breach of any applicable data protection laws, the maximum sanction that can be imposed by the Anticorruption and Fair Government Ministry consists of MXN$36,204,800 (approximately USD$1,918,492.35).<\/p>\n<p>It is important to note that this sanction is independent of any civil and\/or criminal liability that could result from the breach. The New Federal Privacy Law authorizes criminal penalties for individuals in some circumstances, including those causing data breaches or deceitfully processing personal data for profit.<\/p>\n<p>According to the New Federal Privacy Law and the New General Privacy Law \u00a0the Ministry employs a meticulous approach to determine the penalty amount, considering factors such as the nature and sensitivity of the compromised personal data, whether the data controller disregarded the data subject\u2019s objections, the intentionality or omission behind the violation, the economic capacity of the data controller, and whether the breach constitutes a repeat offense. This multifaceted evaluation ensures that penalties are proportionate to the gravity of the infringement and serves as a deterrent against future violations.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Data Protection \u2013 Do technology contracts in your country typically refer to external data protection regimes, e.g. EU GDPR or CCPA, even where the contract has no clear international element?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>It is not a common practice in technology agreements executed in Mexico to refer to external data protection regimes. As a matter of fact, no standard forms or precedents for cross-border transfers of personal data have been approved by Mexican authorities. The applicability of the Mexican data protection norms is mainly territorial in nature, and the data protection regulator may exercise jurisdiction over investigations relating to any processing made by data controllers incorporated in Mexico and their data processors, regardless of their location.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Cybersecurity \u2013 Please summarise the principal laws (present or impending), if any, that govern cybersecurity (to the extent they differ from those governing data protection), including a brief explanation of the general purpose of those laws.<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Although Mexico does not yet have a standalone cybersecurity law, various existing regulations cover cybersecurity-related issues. A first step was made in 2022 with the proposal for a Federal Cybersecurity Law by Congressman Javier Joaquin Lopez Casar\u00edn. While this initiative has not yet been enacted, discussions are ongoing, including a 2025 proposal for the issuance of a local cybersecurity bill in Mexico City.<\/p>\n<p>Currently, cybersecurity matters are regulated under a combination of existing laws:<\/p>\n<ul style=\"padding-left: 0\">\n<li>Federal Criminal Code (Articles 211 Bis 1 through 211 Bis 7), which criminalize unauthorized access to computer systems, data theft, data interference, and related cybercrimes.<\/li>\n<li>Mexican Constitution (Article 6 and 16), which provide the basis for privacy, data protection, and due process rights.<\/li>\n<li>Federal Telecommunications Law, which includes provisions on the security and integrity of telecommunications infrastructure.<\/li>\n<li>New Federal Privacy Law, addressing the protection and processing of personal data, which overlaps with cybersecurity in terms of breach notification and security measures.<\/li>\n<li>Federal Law on Transparency and Access to Public Information, which mandates safeguards for public sector data.<\/li>\n<li>Federal Copyright Law, which protects digital works and penalizes digital piracy and hacking related to intellectual property.<\/li>\n<li>General Law of Credit Instruments and Operations, and the Law on Credit Institutions, which include provisions related to the protection of banking systems and digital financial operations.<\/li>\n<li>Securities Market Law, in cases involving digital fraud or manipulation of financial systems.<\/li>\n<\/ul>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Cybersecurity \u2013 What is the maximum sanction that can be imposed by a regulator in the event of a breach of any applicable cybersecurity laws?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Sanctions for breaches of cybersecurity-related laws in Mexico vary depending on the specific law and type of infraction:<\/p>\n<p>A. Administrative Sanctions:<\/p>\n<p>Under Articles 58\u201361 of the New Federal Privacy Law, the competent authority may impose:<\/p>\n<ul style=\"padding-left: 0\">\n<li>Fines ranging from 100 to 320,000 times the daily UMA (Unidad de Medida y Actualizaci\u00f3n), which may exceed MXN 36 million for serious or repeated violations.<\/li>\n<li>Additional penalties for intentional misuse or data breaches, particularly if sensitive personal data is involved.<\/li>\n<\/ul>\n<p>B. Criminal Sanctions (Federal Criminal Code, Articles 211 Bis 1\u20137):<\/p>\n<p>The Federal Criminal Code provides for:<\/p>\n<ul style=\"padding-left: 0\">\n<li>Imprisonment ranging from 3 months to 12 years, depending on the nature of the cyber-crime (e.g., unauthorized access, data theft, interference, or system damage).<\/li>\n<li>Fines may accompany imprisonment and are calculated based on the severity of the crime and the financial damage caused.<\/li>\n<\/ul>\n<p>C. Financial and Banking Sector (Special Laws):<\/p>\n<p>Under sector-specific laws such as:<\/p>\n<ul style=\"padding-left: 0\">\n<li>The Law on Credit Institutions and the Securities Market Law, individuals or entities may face:\n<ul style=\"padding-left: 5\">\n<li>Sanctions for unauthorized access to banking or financial systems.<\/li>\n<li>Criminal charges for fraud, identity theft, or data manipulation, including imprisonment and financial penalties.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Artificial Intelligence \u2013 Which body(ies), if any, is\/are responsible for the regulation of artificial intelligence?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>In Mexico, the regulation of artificial intelligence (\u201c<em>AI<\/em>\u201d) is not yet specific, however, the government is actively working across its three branches &#8211; judicial, legislative, and executive &#8211; to develop an AI strategy aimed at regulating its use and penalizing any misuse.<\/p>\n<p>Over the past year, governmental bodies such as the National Institute of Statistics and Geography (<em>Instituto Nacional de Estad\u00edstica y Geograf\u00eda, \u201cINEGI\u201d<\/em>), and the National Council of Humanities, Sciences and Technologies (<em>Consejo Nacional de Humanidades, Ciencias y Tecnolog\u00edas, \u201cCONAHCYT\u201d<\/em>) have taken on the responsibility of overseeing AI in Mexico. However, the government is actively working on formulating a national AI strategy to promote the responsible and ethical use of AI.<\/p>\n<p>In March of 2023, the House of Representatives (<em>Diputados<\/em>) proposed the establishment of a new autonomous body to regulate AI matters, such as the Mexican Ethic Council for Artificial Intelligence and Robotics (<em>Consejo Mexicano de \u00c9tica para la Inteligencia Artificial y la Rob\u00f3tica<\/em>, <em>CMETIAR<\/em>\u201d), that will contribute to the technological development according to the ethics of new technologies, including the use of AI and Robotics inside the national territory.<\/p>\n<p>Furthermore, as a part of this legislative bill, the creation of the National Network of Statistics of Use and Supervision of Artificial Intelligence and Robotics (<em>Red Nacional de Estad\u00edstica de Uso y Monitoreo de la Inteligencia Artificial y la Rob\u00f3tica, \u201cAI Network\u201d<\/em>) aims to enhance monitoring and oversight of AI and Robotics applications, ensuring responsible and ethical deployment.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Artificial Intelligence \u2013 Please summarise the principal laws (present or impending), if any, that govern the deployment and use of artificial intelligence, including a brief explanation of the general purpose of those laws.<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>As of June 2024, Mexico lacks specific legislation governing the deployment and use of AI. Nevertheless, several legal frameworks, such as the New Federal Privacy Law and the Consumer Protection Law and its associated regulations, are applicable to AI-related matters. Despite the absence of specific AI-focused regulation, judicial resolutions in Mexico have relied on existing intellectual property laws and principles in cases involving AI.<\/p>\n<p>Recognizing the importance of responsible and ethical AI use, the Mexican government is actively developing a national AI strategy. This comprehensive strategy encompasses five key areas: <strong>(i)<\/strong> governance, government, and public services;<strong> (ii) <\/strong>research and development; <strong>(iii)<\/strong> capacity, skills, and education; <strong>(iv)<\/strong> data infrastructure; and <strong>(v)<\/strong> ethics and regulation.<\/p>\n<p>Proposed measures within the strategy include a legislative bill of the Law for the Ethic Regulation of Artificial Intelligence and Robotics (<em>Ley para la Regulaci\u00f3n \u00c9tica de la Inteligencia Artificial y la Rob\u00f3tica, \u201cAI Bill<\/em>\u201d), with the goal to stablish public policies and the creation of Mexican Official Standards <em>(\u201cNormas Oficiales Mexicanas\u201d or \u201cNOMS\u201d<\/em>) that govern the use of AI and Robotics in Mexico through the creation of the CMETIAR, and the AI Network, as mentioned in question 22 above.<\/p>\n<p>The AI Bill, to the extent passed and enacted, provides the respect to the general principles of data protection, human rights and intellectual property. Further, it also states that the development, creation, investigation and use of AI shall be conducted in accordance with ethics, respect for human rights, gender perspective, and without discrimination or bias in virtue of ethnical origin, race, religion or socioeconomical conditions. Further, no private or public entity shall use AI for social manipulation or discrimination purposes, nor in contravention with the Mexican legal framework.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Artificial Intelligence \u2013 Are there any specific legal provisions (present or impending) in respect of the deployment and use of Large Language Models and\/or generative AI (including agentic AI)?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>As mentioned in the last two answers, as of this day there is no specific regulation for deployment and use of large language models and\/or generative AI. The AI Bill, proposed in March 2023, is the only project nowadays to protect human rights and personal data.<\/p>\n<p>The lack of specific regulations for AI, including Large Language Models and generative AI, is a current reality in Mexico, but the ongoing discussions and proposals indicate a growing awareness of the need for regulatory frameworks to address the challenges and opportunities presented by these kinds of technologies in Mexico.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Artificial Intelligence \u2013 Do technology contracts in your jurisdiction typically contain either mandatory (e.g. mandated by statute) or recommended provisions dealing with AI risk? If so, what issues or risks need to be addressed or considered in such provisions?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Given that, as of June 2025, the IA Bill has not been passed by the Congress, there are currently no mandatory provisions addressing AI risk that shall be contemplated in any technology contracts governed under Mexican laws. Nevertheless, in May 2022, the former authority in data protection matters, the National, Transparency Institute for the Access to Information and Personal Data Protection <em>(Instituto Nacional de Transparencia, Acceso a la Informaci\u00f3n y Protecci\u00f3n de Datos Personales, the \u201cINAI\u201d) <\/em>issued several recommendations for the use of Artificial Intelligence. In accordance with such recommendations, the INAI stated that, pursuant to publications in the U.S., Artificial Intelligence may be classified in four different categories:<\/p>\n<ol style=\"padding-left: 0\" type=\"i\">\n<li>Reactive Machines <em>(M\u00e1quinas Reactivas)<\/em>: These are the most basic types of AI which are only focused making determinations based on the present time. They lack memory of past events or experiences and thus are not able to evolve.<\/li>\n<li>Limited Memory <em>(Memoria limitada)<\/em>: This type of AI utilizes past experiences (either its own or transferred), rules of behavior and information of certain scenarios to make certain choices.<\/li>\n<li>Theory of the Mind <em>(Teor\u00eda de la Mente)<\/em>: This type of AI has means to interpret or construe the manifestation of thoughts, emotions and ideals, as well as to assess reasoning and conduct processes. This technology can work together with human beings by emulating their mental processes in accordance with the behavior and conduct that it perceives as part of their internation.<\/li>\n<li>Self-consciousness <em>(Autoconciencia)<\/em>. This technology would be self-conscious and, thus, the ability to construe a representation of itself, its surroundings and its own behavior. It has its own perception and subjective ability to perceive and learn from experience.<\/li>\n<\/ol>\n<p>Furthermore, the recommendations issued by the INAI refer to the five main principles that have been recognized by the Organization for Economic Cooperation and Development <em>(Organizaci\u00f3n para la Cooperaci\u00f3n y el Desarrollo Econ\u00f3micos, \u201cOCDE\u201d)<\/em>: <strong>(I) <\/strong>the use of AI for the benefit of the people in general and the planet pursuing and sustained growth and wellbeing; <strong>(ii)<\/strong> AI must be developed in accordance with the legal frameworks of the States, human rights, democratic values and diversity for purposes of pursuing a fair and equitable society; <strong>(iii)<\/strong> there must be a transparent and responsible disclosure of IA and its systems; <strong>(iv)<\/strong> AI systems must be implemented in a solid and safe manner, continuously assessing potential risks; and <strong>(v)<\/strong> the organizations and individuals that develop and operate AI systems shall operate with full responsibility. In addition, such recommendations, among other aspects, focuses on the importance of implementing privacy measures (in consistency with the applicable legal framework) in the application of AI in the treatment of personal data.<\/p>\n<p>Please note that, as mentioned in question 7 above, the Federal Civil Code <em>(C\u00f3digo Civil Federal)<\/em> recognizes the principle of \u201cparties\u2019 free will\u201d, thus, the parties to any technology agreement may negotiate and include any provisions they deem convenient in order to limit or deal with AI risk.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Artificial Intelligence \u2013 Do software or technology contracts in your jurisdiction typically contain provisions regarding the application or treatment of copyright or other intellectual property rights, or the ownership of outputs in the context of the use of AI systems?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>As Mexican law has not developed significantly in this matter, as of June 2025, the legal industry has not yet identified market standard provisions that shall be included in technology or Software agreements in which AI is or may have been utilized. The Copyright Law has not been amended to identify the consequences of utilizing AI technology in the creation of Software and other protected works thereunder; however, the parties remain subject to the main \u201cfree will\u201d principle which allows them to negotiate and stipulate provisions in any technology or Software agreements in connection with intellectual property rights, including but not limited to ownership thereof; provided, however, that any such provisions or stipulations shall not contravene the content of the Copyright Law.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Blockchain \u2013 What are the principal laws (present or impending), if any, that govern (i) blockchain specifically (if any) and (ii) digital assets, including a brief explanation of the general purpose of those laws?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Use of Blockchain in Mexico still a very brand-new feature, with a lot of work to do in aspect of regulation. The main challenges for Blockchain in Mexico are the lack of regulation we do have on these matters. Recently, it has been an effort from the Mexican Congress and the authorities mentioned on the answer above to regulate this matter.<\/p>\n<p>The principal laws that govern Blockchain and digital assets are the (<em>Circular 4\/2019<\/em>) later amended by Rule (<em>Circular<\/em> 37\/2020), both issued by Banxico. Such Rules regulates the use of digital assets by the Financial Technology Institutions (<em>Instituciones de Tecnolog\u00eda Financiera, \u201cFinTechs\u201d<\/em>) and Credit Institutions (<em>Instituciones de Cr\u00e9dito<\/em>), with the previous authorization of Banxico, promoting the use of financial technologies and the provisions of services that use digital assets mitigating risks for users and clients.<\/p>\n<p>Furthermore, the amendment to the Federal Law for the Prevention and Identification of Operations with Resources from Illegal Sources (<em>Ley Federal para la Prevenci\u00f3n e Identificaci\u00f3n de Operaciones con Recursos de Procedencia Il\u00edcita,) (the \u201cAnti-Money Laundering and Financial Compliance\u201d<\/em>), expected to be enacted in the coming months, seeks to strengthen safeguards against illicit financial activities and protect the integrity of the financial system. It establishes that institutions engaging with digital assets must comply with specific regulatory obligations, including Know Your Customer (KYC) procedures. The use, offering, and exchange of digital assets\u2014such as cryptocurrencies\u2014will now be considered a vulnerable activity, requiring all participants to meet legal requirements in order to operate within the law.The FinTech Law, drafted by the Ministry of Finance (<em>Secretar\u00eda de Hacienda y Cr\u00e9dito P\u00fablico, \u201cSHCP\u201d<\/em>), the CNBV, and BANXICO specially regulates the financial services provided by financial technology institutions such as Electronic Payment Fund Institutions (<em>Instituciones de Fondos de Pagos Electr\u00f3nicos, \u201cIFPEs\u201d<\/em>) and Crowdfunding Institutions (<em>Instituciones de Fondeo Colectivo or \u201cIFC\u201d<\/em>). The goal to provide services with digital assets without risk to users and clients.<\/p>\n<p>Additionally, the Financial Information Standard C-22 Cryptocurrencys\u2019 (<em>Norma de Informaci\u00f3n Financiera C-22 Criptomonedas<\/em>) issued by the Financial Information Council, outlines general guidelines for valuation, reporting, and disclosure of balance sheets of operations with digital assets.<\/p>\n<p>A significant development occurred on April 6, 2022, when a bill was presented before the Mexican Senate (<em>Senado de la Rep\u00fablica<\/em>) to amend the Monetary Law (<em>Ley Monetaria<\/em>). The proposed amendment aims to recognize cryptocurrency as legal tender in Mexico.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Search Engines and Marketplaces \u2013 Please summarise the principal laws (present or impending), if any, that govern search engines and marketplaces, including a brief explanation of the general purpose of those laws.<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>The primary laws that govern search engines and marketplaces in Mexico are: <strong>\u00a0<\/strong>the Electronic Commerce Mexican Official Standard NMX-COE-001-SCFI-2018 (<em>Norma Oficial Mexicana de Comercio Electr\u00f3nico NMX-COE-001-SCFI-2018<\/em>), which general purpose is to protect and guarantee the rights of the consumers that utilize marketplaces to buy their goods and\/or services, protecting at the same time their personal data and their access to information rights; and the Consumer Protection Law, which general purpose is to protect the rights of the consumers of any goods and\/or services, including a special chapter for those consumers of\u00a0 marketplaces).<\/p>\n<p>In a general aspect <strong>(i) <\/strong>the Federal Telecommunications Law, which general purpose is to regulate the operation and utilization of telecommunications and broadcasting networks and services, <strong>(ii)<\/strong> the Code of Commerce, which general purpose is to regulate the commercial relationships between providers of goods and services with consumers, and <strong>(iii)<\/strong> the New Data Privacy Law which general purpose is to regulate data processing (retrieval, use, disclosure, storage, access, and transfer of data).<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Social Media \u2013 Please summarise the principal laws (present or impending), if any, that govern social media and online platforms, including a brief explanation of the general purpose of those laws?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>There is not a comprehensive legal framework that governs the social media in Mexico, however the primary laws in the social media legal framework are: <strong>(i)<\/strong> the Mexican Constitution, on article 6th establishes the right to access and correct personal data in public records, including social media; <strong>(ii) <\/strong>the Federal Telecommunications Law, that has as an objective to regulate, promote, and supervise the use, exploitation, and management of networks, encompassing relevant aspects of social media; and <strong>(iii)<\/strong> the New Data Privacy Law that imposes obligations on companies offering services through online platforms to ensure the consent of the information holder and preserve the privacy of personal data.<\/p>\n<p>Additionally, specific to Mexico City, the Civil Liability for the Protection of the Right to Privacy, Honor and Self-Image Federal District Law (<em>Ley de Responsabilidad Civil para la Protecci\u00f3n del Derecho a la Vida Privada, el Honor y la Imagen en el Distrito Federal<\/em>), which general purpose is to protect the right to privacy, honor, self-image of social media users.<\/p>\n<p>In 2022, a bill for Protection of Digital Users Federal Law (<em>Ley Federal de Protecci\u00f3n al Usuario Digital<\/em>) was proposed. This bill appears to have a general purpose focused on promoting and safeguarding the rights of digital users, digital services, and the intermediation of digital services. The specifics of this law, once enacted, will likely play a crucial role in shaping the legal landscape for social media in Mexico.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Social Media \u2013 What is the maximum sanction that can be imposed by a regulator in the event of a breach of any applicable online safety laws?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>In Mexico, there is currently no law specifically regulating online safety on social media platforms. However, legislative initiatives have been under discussion in recent years. One example was a bill proposed on 2021 , aims to regulate social media platforms with more than one million users. The proposal included sanctions of up to 1,000,000 UMAs (Units of Measurement and Update).<\/p>\n<p>The New Telecommunications Law is currently under discussion in Congress. While it is still unclear whether it will include specific provisions regarding online safety rules, it is important to note that one of its main goals is to ensure universal access to telecommunications services, including internet connectivity. In this context, even if the law does not directly address online safety, the effort to make internet access a reality for all may indirectly lead to the development of regulations in this area, in order to adequately protect all users.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Spatial Computing \u2013 Please summarise the principal laws (present or impending), if any, that govern spatial computing, including a brief explanation of the general purpose of those laws?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>There is no specific legislation in Mexico for spatial computing technologies, including augmented reality, virtual reality, or the metaverse. However, existing laws may apply, including those on data protection, intellectual property, and consumer rights, depending on the use case. Legislative discussions are ongoing regarding how to regulate these emerging technologies.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Quantum Computing \u2013 Please summarise the principal laws (present or impending), if any, that govern quantum computing and\/or issues around quantum cryptography, including a brief explanation of the general purpose of those laws?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>In Mexico, there are no specific laws currently in force that directly regulate quantum computing or quantum cryptography. At the moment this topics are addressed in academic, research, and scientific development contexts, with some support through government research funds and university-led innovation.<\/p>\n<p>However, considering that the has been some initiatives on the general cybersecurity field, this regulation may eventually evolve to include regulations concerning the risks and implications of quantum computing especially in areas like encryption, data protection, and critical infrastructure resilience.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">Datacentres \u2013 Does your jurisdiction have any specific regulations that apply to data centres?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>In Mexico, there are no specific regulations that apply exclusively to data centers; however, their operation is subject to a combination of legal frameworks. Most importantly, data centers must comply with the New Federal Privacy Law, which requires the implementation of technical, administrative, and physical safeguards when processing or storing personal data. Depending on the services offered, such as cloud computing or telecommunications, additional oversight from the Federal Telecommunications Institute (IFT) may apply. Data centers must also adhere to applicable construction, civil protection, and environmental regulations, as well as standards like NOM-151-SCFI-2016 for information security and digital data integrity. Thus, while not governed by a standalone law, data centers in Mexico must operate within a broad legal and regulatory landscape.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">General \u2013 What are your top 3 predictions for significant developments in technology law in the next 3 years?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>Our top 3 predictions for significant developments in technology law in the next 3 years are:<\/p>\n<ol style=\"padding-left: 0\" type=\"i\">\n<li><u>Artificial Intelligence<\/u>. Mexico is expected to adopt a regulatory framework for artificial intelligence aimed at ensuring ethical use, accountability, and innovation. Similar to global initiatives such as the EU AI Act, this framework would likely include standards for algorithmic transparency, safeguards against bias, and impact assessments for high-risk AI applications. As AI becomes more deeply embedded in sectors like healthcare, finance, and public services, regulation will play a critical role in balancing technological progress with individual rights.<\/li>\n<li><u>Cybersecurity<\/u>. In line with the developments being experienced in AI technologies and the increased use of digital platforms, individuals and companies may become subject to cyberattacks that could infringe their private data. This context has increasingly created the need for an effective legislation to protect the private rights of individuals and companies in Mexico and to prevent potential felonies that could be carried out through cybernetic means. Even though a broad data privacy legal framework has been in full force and effect in Mexico for several years now, it has not yet evolved to cybernetic security. We expect the Mexican Government to increase efforts to create a national strategy and likely enact legislation concerning cybersecurity in line with the current worldwide trend.<\/li>\n<li><u>New era of comprehensive digital regulation.<\/u> With the publication of the new Federal Telecommunications Law in July 2025, Mexico is shifting from sector-specific telecom regulation to a broader digital regulatory framework. We anticipate full implementation of new licensing and authorization regimes, stricter compliance obligations for digital platforms\u2014including streaming, delivery, and mobility services\u2014and an accelerated rollout of 5G infrastructure. This new law represents a turning point and could serve as the foundation for more specific legislation on digital services. As regulatory obligations expand for platform operators\u2014particularly around content control, government advertising restrictions, and compliance with data disclosure orders\u2014we foresee the beginning of a broader conversation around the need for a dedicated legal framework for digital platforms. In parallel, the deeper connectivity brought by 5G is likely to spark new regulatory demands in areas such as personal data protection, platform accountability, cybersecurity, and algorithmic transparency, especially as the line between telecom services and digital ecosystems continues to blur.<\/li>\n<\/ol>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\t\t\t\t\t<li class=\"question-block filter-container__element\">\r\n\t\t\t\t\t\t<h3 class=\"filter-container__match-html\">General \u2013 Do technology contracts in your country commonly include provisions to address sustainability \/ net-zero obligations or similar environmental commitments?<\/h3>\r\n\t\t\t\t\t\t<button id=\"show-me\">+<\/button>\r\n\t\t\t\t\t\t<div class=\"question_answer filter-container__match-html\" style=\"display:none;\"><p>While it is not yet common for technology agreements in Mexico to incorporate provisions addressing sustainability, net-zero obligations and\/or similar environmental commitments, it is important to note that such clauses do exist, although they are not provided frequently. This as a result of lack of legislation, awareness, and environmental protection culture within the country.<\/p>\n<p>Nevertheless, Mexico is actively striving to make substantial improvement toward achieving net-zero emissions and enhance sustainability; there is a solid regulatory framework and is aiming for sustainability and self-sufficiency based on energy sovereignty, with plans to increase the productivity and efficiency of the current hydrocarbon-based energy system while progressively integrate clean and renewable energies.<\/p>\n<p>Many Mexican or Mexican-based companies have pledged to become net-zero by 2050. This commitment involves the implementation of Rational Environmental Technologies (<em>Tecnolog\u00edas Ecol\u00f3gicamente Racionales, \u201cTER\u201d<\/em>), adherence to Environmental, Social and Governance (\u201c<em>ESG<\/em>\u201d) and Sustainable Development Goals (\u201d<em>SDG<\/em>\u201d) criteria in almost every legal aspect &#8211; including technology contracts and use of technology.<\/p>\n<p>Additionally, Mexico has a Climate Change General Law (<em>Ley General de Cambio Climatico<\/em>) which establishes a fund to allocate financial resources for initiatives combatting climate change. This includes supporting projects focused on energy efficiency and the development of renewable energy sources.<\/p>\n<p>These concerted efforts suggest a growing awareness and commitment to sustainability and environmental protection in Mexico. As this awareness continues to evolve, there is a potential for a broader integration of such provisions into technology contracts, marking a positive step towards aligning business practices with environmental responsibility in the future.<\/p>\n<\/div>\r\n\r\n\r\n\t\t\t\t\t<\/li>\r\n\r\n\t\t\t\t\r\n<div class=\"word-count-hidden\" style=\"display:none;\">Estimated word count: <span class=\"word-count\">8567<\/span><\/div>\r\n\r\n\t\t\t<\/ol>\r\n\r\n<script type=\"text\/javascript\" src=\"\/wp-content\/themes\/twentyseventeen\/src\/jquery\/components\/filter-guides.js\" async><\/script><\/div>"}},"_links":{"self":[{"href":"https:\/\/my.legal500.com\/guides\/wp-json\/wp\/v2\/comparative_guide\/110136","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/my.legal500.com\/guides\/wp-json\/wp\/v2\/comparative_guide"}],"about":[{"href":"https:\/\/my.legal500.com\/guides\/wp-json\/wp\/v2\/types\/comparative_guide"}],"wp:attachment":[{"href":"https:\/\/my.legal500.com\/guides\/wp-json\/wp\/v2\/media?parent=110136"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}